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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely Hied 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I) S Responsive to communication(s) filed on 15 March 2005 . 
2a)H This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 21 3. 

Disposition of Claims 

4) I3 Claim(s) 1-18 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) H Claim(s) 1-18 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)S The drawing(s) filed on 09 July 2003 is/are: a)M accepted or b)D objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

II) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (0. 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1 -1 8 have been examined. 

2. Claims 1 , 8 and 1 5 have been amended in the amendment filed on March 1 5, 
2005. 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Response to Arguments 

4. Applicant's arguments with respect to amended claims 1 -1 8 have been 
considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC §112 

5. Claims 1, 8 and 15 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the enablement requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to enable one skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and/or use the 
invention. The claims recite the new limitation of determining on a case-by-case basis 
access rights for a requestor. However, the step of determining is not implemented by 
the electronic device, but is defined to be the action of a human user of the invention. 
See Specification, pg. 10, lines 24-28. Hence, the determining step is a purely 
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subjective judgment based on the decisions of a specific user of the invention, and does 
not constitute as a feature of the electronic device. 

Claim Rejections - 35 USC § 103 

6. Claims 1-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kagal et al. "A Delegation Based Model for Distributed Trust" in view of Schneider et al. 
U.S. Patent No. 6,785,728 (hereinafter Schneider) and Pfleeger Security in Computing 
(hereinafter Pfleeger). 

7. As per claim 8, Kagal discloses a method for providing access to information 
(see Kagal, pgs. 5-6, section titled Protocols: Request for Action 1 ), the method 
comprising the steps of: 

a. receiving, on an electronic device, a request for the information, the 
request originating from an entity external to the electronic device (see Kagal. pg. 
6, step 4); 

b. providing a database, external to the electronic device, with 
cryptographically protected access information instructing the database to 
forward the information to the external entity (see Kagal, pg. 6, step 6). 

8. Kagal does not expressly teach displaying information requested in the request, 
and determining, on a case-by-case basis access rights for a requestor. Schnedier 
discloses requesting access to specific information by a client of the database to an 
administrator who is responsible for the access policy of the information set, whereupon 
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the administrator on a case-by-case basis determines access rights of the user to the 
particular information, whereby the determination step includes displaying requested 
information and access policy using a Windows GUI tool. Schneider, col. 25:62-67; 
figure 1 0. It would be obvious to one of ordinary skill in the art at the time the invention 
was made for access request decisions to be made by an administrator on a case-by- 
case basis, wherein the specific requested information is displayed to the administrator 
since it establishes a more fine grained security method by defining access policy based 
on flexible decision making pertinent to the requested resource rather than on broad 
stringent access rules. Schneider, col. 6:17-29. 

9. Further, the method of Kagal is a teaching of a delegation based model wherein 
the flow of delegation to authorize access is taught, but Kagal does not expressly 
disclose that the requested information and database are owned by an individual (the 
requested information and database are both owned by an entity in the example). 
However, transaction models that require distributed trust between an individual, a 
personal database, and an external entity are found in protocols involving users having 
portable personal databases (smart cards and memory cards on palm devices, cellular 
phones or laptops) accessing a network, wherein the network requires personal 
information, such as passwords to access an online account at a website or credit 
number to make a purchase at an online store. For example, Pfleeger describes such a 
transaction model to distribute trust between a user and a computing network using a 
smart card. See Pfleeger, pg. 392, 4 th full paragraph. It would be obvious to one of 
ordinary skill in the art at the time the invention was made for the requested information 
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and database to be personal. Motivation to combine enables a delegation based model 
for a user of a computing network as taught by Kagal and Pfleeger. Ibid. The 
aforementioned cover the limitations of claim 8. 

10. As per claim 9, the rejection of claim 8 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the step of providing the external entity with the 
cryptographically protected access information further comprises the step of providing 
authentication tokens, the token comprising a digital signature that certifies the token's 
authenticity and integrity. Kagal, pg. 3, section under Infrastructure 1 , last paragraph: 
X.509 certificates are digitally signed; pg. 6, section under 'Request for Action', step 6. 
The aforementioned cover the limitations of claim 9. 

11. As per claims 10-12, the rejection of claim 8 under 35 U.S.C. 103(a) is 
incorporated herein, (supra) In addition, the owner of the personal information, who 
controls the database (entity XYZ owns the information and database-step 3), is the 
user of the electronic device (means of receiving the request from Marty-step 5), and is 
the owner of the electronic device (SA of entity XYZ). The aforementioned cover the 
limitations of claims 10-12. 

12. As per claims 13 and 14, the rejection of claim 8 under 35 U.S.C. 103(a) is 
incorporated herein, (supra) In addition, the external entity is allowed to read the 
personal information. Kagal, steps 4-6. Furthermore, write access to a database once 
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user authorization is approved is a well known implementation in the database art. For 
example, sql statements enable authorized users to use the 'update' key word to write 
to tables in a database schema. Examiner takes Official Notice of this teaching. It 
would be obvious to one of ordinary skill in the art at the time the invention was made 
for the external entity to be allowed to write information once the external entity has 
authorization since write access is a common data manipulation language feature as 
known to one of ordinary skill in the art. Finally, Pfleeger teaches personal databases 
store personal information, which require updates such as bank balances. Pfleeger, pg. 
392, 3 rd full paragraph. The aforementioned cover the limitations of claims 13 and 14. 

13. As per claim 1, the rejection of claim 8 under 35 U.S.C. 103(a) under 35 U.S.C. 
103(a) is incorporated herein, (supra) In addition, Kagal teaches an embodiment 
wherein the external entity submits a request to the electronic device wherein the 
electronic device provides a token to the external entity to access the information within 
the personal database. See Kagal, pg. 3, 1 st paragraph, last sentence and second 
paragraph. The aforementioned cover the limitations of claim 1 . 

14. As per claims 2-7, they are claims corresponding to the invention taught by Kagal 
and Pfleeger as outlined in the claim 1 and 8-14 rejections and they do not teach or 
define above the information taught by Kagal and Pfleeger. Therefore, claims 2-7 are 
rejected as being unpatentable over Kagal in view of Pfleeger for the same reasons set 
forth in the rejections of claims 1 and 8-14. 



Application/Control Number: 10/616,442 



Art Unit: 2132 



Page 7 



15. As per claim 15, the rejections of claim 1-14 under 35 U.S.C. 103(a) are 
incorporated herein, (supra) In addition, the method includes an electronic device 
comprising an authorization manager receiving a request for the personal information, 
the request originating from an entity external to the electronic device and verifying the 
requestor of the personal information as legitimate (Kagal, pg. 6, step 5; the security 
agent for XYZ); and a token generator, providing either an external database or the 
external entity with cryptographically protected access information instructing the 
database to forward the personal information to the external entity (Kagal, pg. 3, section 
under 'Infrastructure'; security agent creates and verifies the tokens). The 
aforementioned cover the limitations of claim 15. 

16. As per claims 16-18, they are claims corresponding to the invention taught by 
Kagal and Pfleeger as outlined above in the claim 1-15 rejections, and they do not teach 
or define above the information taught by Kagal and Pfleeger. Therefore, claims 16-18 
are rejected as being unpatentable over Kagal in view of Pfleeger for the same reasons 
set forth in the rejections of claims 1-15. 

Conclusion 

17. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W. Kim whose telephone number is (571 ) 272- 
3804. The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 



Business Center (EBC) at 866-217-9197 (toll-free). 
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Examiner 
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